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What is claimed is: 




D A method for centrally managing a computer network, incluc 

maintaining a central database of all N^iJeSlcnown to the computer network; and 
broadcasting a messageJi^NAS list located at each POP in the computer network 
whenever said centt^lilatabase is changed, said message containing information 
regarding th€change. 



\ The method of claim 1, wherein all of said NASes known to the computer network 
Tj^vi are al\ NASes within the computer network which have been chosen as being valid. 



3. Tha method of claim 1, wherein said maintaining is performed by a Network 
Control Coikole. 



15 4. The method of claim 3, wherein said Network Control Console is a graphical 
interface. 
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5. The method oft claim 1, wherein said maintaining includes adding NASes, deleting 
NASes, and modify ingYhe entries of NASes in said central database as the need arises. 



The method of clairml, wherein said broadcasting is performed automatically by a 
broker whenever a change to 9^id central database is made. 
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7. The method of claim 1, wherein said broadcasting includes publishing a broker 
event via a broker. 

8. A method for locally processing an access request at a Point-of-Presence (PoP) in 
a computer network having other PoPs, said access request received from a NAS, the 
method including: \ 

accessing a lisKof network access servers (NASes) known to the PoP and the 
computer network, saidMist located locally at the PoP; and 

validating that saickaccess request was received from a known entity by 
determining if an entry exis\s in said list for the NAS from which the access request was 
received. \ 

9. The method of claim 8, further including retrieving a user record from a database 
of user records located locally at saio PoP, said database of user records containing 
records for only those users who have\been identified as having the PoP as their home 
PoP. \ 

10. The method of claim 8, wherein eacn entry in said list contains a field identifying a 
NAS and a field identifying a dictionary of attributes supported by the corresponding 
NAS. \ 

11. The method of claim 10, wherein said dictionary of attributes is a RADIUS 
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dictionary. 



12. The method of claim 8, wherein said each entry in said list contains fields for: 
a domain name of a NAS; 
a vendor name of said NAS; 

a shared secret between all known NASes and AAA servers in the network; and 
a dictionary name, said dictionary name indicating a dictionary of attributes 
supported by said NAS. 



JO 13. The method of claim lV, wherein said validating further includes validating that 

m said access request was received from a known entity by determining if the domain name 

O that the access request was received from matches the domain name field of any entry in 

Q 

ri said list. 



15 14. The method of claim 13, wherein \aid validating further includes examining 

whether a password supplied with said access request matches the shared secret field of a 
corresponding entry in said list if the domain name that the access request was received 
from matches the domain name field of any entiV in said list. 

20 15. The method of claim 12, wherein said dictionary of attributes is a standard 
RADIUS dictionary. 
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16. The methbd of claim 8, wherein said accessing and validating are performed by an 
Authentication, ^authorization, and Accounting (AAA) server. 

17. The method of claim 8, further including subscribing to a broker event to update 
said list whenever a NAS known to the computer network is added, deleted, or modified. 



%y A method for handling an access request at a Pq£<s#Ki access request generated by 
a user logging on to said PoP, said user havipgif home PoP, the method including: 
determining if said user's hgm6 PoP is said PoP; 

forwarding said acpe^s request to an AAA server located at said PoP if said user's 



home PoP is said IMP; and 



relayirfg said access request to said user's home PoP if said user's home PoP is not 



said Re 



19. The method of claim 18, wherein said determining, forwarding, and relaying are 
performed by a Protocol Gateway. 



20. The method of claim 18, wherein said determining includes examining a user 
name entered by said use? 



21. The method of claim 20, wherein said determining further includes parsing said 
user name to reveal a PoP location indicated within said user name. 
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22. The method of claim 21, wherein said PoP location indicated within said user 
name is a city name as a rorefix to said user name. 

23. The method of claim 21, wherein said PoP location indicated within said user 
name is an abbreviation for acity name contained within a domain name affixed to the 
end of said user name. \ 

24. The method of claim 20, wherein said determining further includes parsing said 
user name to reveal a domain namA said domain name indicating an ISP in control of 
said home PoP. \ 

25. An apparatus for centrally managing a computer network including: 
a central NAS list maintainer; \ 

a NAS list broadcaster coupled toWid central NAS list maintainer and coupled to 
said computer network. \ 

26. The apparatus of claim 25, wherein said central NAS list maintainer and said NAS 
list broadcaster are contained within a Network Control Console. 

27. The apparatus of claim 25, wherein said ientral NAS list maintainer is coupled to a 
central NAS list, said central NAS list containingWtries for each NAS known to the 
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computer network. 

28. The apparatus of claim 27, wherein each NAS known to the computer network is a 
NAS which has been chosen as being valid. 

29. The apparatus oKclaim 25, wherein said NAS list broadcaster is coupled to a 
broker. \ 

30. An apparatus for locally Vocessing an access request at a PoP in a computer 
network having other PoPs, said access request received from a NAS, the apparatus 
including: \ 

a memory configured to store a MAS list, said NAS list containing entries on each 
NAS known to the PoP and the computeraietwork and located locally at the PoP; 
a NAS list accessor coupled to said NAS list; and 
an access request validator coupled toVaid NAS list accessor. 

3 1 . The apparatus of claim 30, further including: 

a user record database located locally at saidVoP, said user record database 
containing records for only those users who have beemidentified as having the PoP as 
their home PoP; and \ 

a user record retriever coupled to said user record database and coupled to said 
access request validator. \ 
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32. The apparatus of claim 30, wherein each entry in said NAS list contains a field 
identifying a NAS and a field identifying a dictionary of attributes supported by the 
corresponding NAS j 

33. The apparatus of fyaim 32, wherein said dictionary of attributes is a RADIUS 
dictionary. 

34. The apparatus of claim 3u, wherein said each entry in said list contains fields for: 
a domain name of a NAS; 
a vendor name of said NAS;^ 
a shared secret between all kn&wn NASes and AAA servers in the network; and 
a dictionary name, said dictionary name indicating a dictionary of attributes 

supported by said NAS. 

35. The apparatus of claim 33, wherein sai<^ dictionary of attributes is a standard 
RADIUS dictionary. 



36. The apparatus of claim 30, wherein said NASuist accessor and said access request 
20 validator are contained in an Authentication, Authorization, and Accounting (AAA) 
server. 
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37. The apparatus of claim 30, further including: 



eve^l 



a broker event subscriber coupled to said NAS list. 




An apparatus for handling an access request at a PoP, said acj^rfequest generated 
5 by a user logging on to said PoP, said user having jJaetfiePoP, the apparatus including: 
a user home PoP determiner; aj 

an access request fop^rder coupled to said user home PoP determiner, said access 
request forwarckp^oupled to an AAA server if the PoP is said user's home PoP and 
couplecLto a computer network if the PoP is no said user's home PoP. 
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J* ^Q^i rrhe apparatus of claim 38, wherein said user home PoP determiner and said access 
O Qjequesttforwarder are contained within a Protocol Gateway. 



2 40. A pk)gram storage device readable by a machine, tangibly embodying a program 
15 of instructions executable by the machine to perform a method for centrally managing a 
computer network, the method including: 

maintaining a central database of all NASes known to the computer network; and 
broadcasting message to a NAS list located at each POP in the computer network 
whenever said centra\ database is changed, said message containing information 
20 regarding the change. 



41. A program storage device readable by a machine, tangibly embodying a program 
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of instructions exe<\ut^ble by the machine to perform a method for locally processing an 
access request at a Fbint-of-Presence (PoP) in a computer network having other PoPs, 
said access request rqceived from a NAS, the method including: 

accessing a listW network access servers (NASes) known to the PoP and the 
5 computer network, saidyist located locally at the PoP; and 

validating that saiaaccess request was received from a known entity by 
determining if an entry exist^ in said list for the NAS from which the access request was 
^ received. 

s 

10 v^j)2- A program storage devic& readable by a machine, tangiblyfembodying a program 
of instructions executable by the machine to perform a metl^fl for handling an access 
request at a PoP, said access request generated by a usejxlogging on to said PoP, said user 
having a home PoP, the method including: 

determining if said user's home PoP is s^fd PoP; 
15 forwarding said access request to ai^AA server located at said PoP if said user's 

home PoP is said PoP; and 

relaying said access reques^ro said user's home PoP if said user's home PoP is not 
said PoP. 
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